New feature #17520: Auto-create LDAP users without bind DN

Dev Let LimeSurvey automatically create new users authenticated by AuthLDAP using their own credentials.

application/core/plugins/AuthLDAP/AuthLDAP.php

@@ -206,9 +206,10 @@ public function createNewUser()
      * Create a LDAP user
      *
      * @param string $new_user
+     * @param string $password
      * @return null|integer New user ID
      */
-    private function _createNewUser($new_user)
+    private function _createNewUser($new_user, $password = null)
     {
         $oEvent = $this->getEvent();
 
@@ -221,6 +222,8 @@ private function _createNewUser($new_user)
         $bindpwd        = $this->get('bindpwd');
         $mailattribute = $this->get('mailattribute');
         $fullnameattribute = $this->get('fullnameattribute');
+        $suffix             = $this->get('domainsuffix');
+        $prefix             = $this->get('userprefix');
 
         // Try to connect
         $ldapconn = $this->createConnection();
@@ -231,15 +234,12 @@ private function _createNewUser($new_user)
             return null;
         }
 
+        // Search email address and full name
         if (empty($ldapmode) || $ldapmode == 'simplebind') {
-            $oEvent->set('errorCode', self::ERROR_LDAP_MODE);
-            $oEvent->set('errorMessageTitle', gT("Failed to add user"));
-            $oEvent->set('errorMessageBody', gT("Simple bind LDAP configuration doesn't allow LDAP user creation"));
-            return null;
+            // Use the user's account for LDAP search
+            $ldapbindsearch = @ldap_bind($ldapconn, $prefix . $new_user . $suffix, $password);
         }
-
-        // Search email address and full name
-        if (empty($binddn)) {
+        else if (empty($binddn)) {
             // There is no account defined to do the LDAP search,
             // let's use anonymous bind instead
             $ldapbindsearch = @ldap_bind($ldapconn);
@@ -413,16 +413,9 @@ public function getPluginSettings($getValues = true)
                 unset($aPluginSettings['domainsuffix']);
             } else {
                 // Hide searchandbind settings
-                unset($aPluginSettings['searchuserattribute']);
-                unset($aPluginSettings['usersearchbase']);
-                unset($aPluginSettings['extrauserfilter']);
                 unset($aPluginSettings['binddn']);
                 unset($aPluginSettings['bindpwd']);
                 unset($aPluginSettings['ldapoptreferrals']);
-                unset($aPluginSettings['mailattribute']);
-                unset($aPluginSettings['fullnameattribute']);
-                unset($aPluginSettings['autocreate']);
-                unset($aPluginSettings['automaticsurveycreation']);
             }
         }
 
@@ -448,7 +441,7 @@ public function newUserSession()
         // No user found!
         if ($user === null) {
             // If ldap mode is searchandbind and autocreation is enabled we can continue
-            if ($ldapmode == 'searchandbind' && $this->get('autocreate', null, null, false) == true) {
+            if ($this->get('autocreate', null, null, false) == true) {
                 $autoCreateFlag = true;
             } else {
                 // If the user doesnt exist in the LS database, he can not login
@@ -567,7 +560,7 @@ public function newUserSession()
 
         // Finally, if user didn't exist and auto creation (i.e. autoCreateFlag == true) is enabled, we create it
         if ($autoCreateFlag) {
-            if (($iNewUID = $this->_createNewUser($username)) && $this->get('automaticsurveycreation', null, null, false)) {
+            if (($iNewUID = $this->_createNewUser($username, $password)) && $this->get('automaticsurveycreation', null, null, false)) {
                 Permission::model()->setGlobalPermission($iNewUID, 'surveys', array('create_p'));
             }
             $user = $this->api->getUserByName($username);